Social is the New BYOD: Managing the Risks of Social Media Communications

1

There’s no doubt that using social media communications can offer businesses tremendous business advantage in terms of reaching potential new customers and staying in good touch with the ones they have. In fact, the number of organizations now actively using social media as one of their standard outbound forms of communications is on the rise.

That said, some social media channels are more popular than others and staying compliant is the driver. For example, according to data contained in the Smarsh annual compliance survey for 2015, the use of Twitter and LinkedIn over the span of the last four years has grown considerably where the use of Facebook has not.

Social Media: The Weapon of Self Destruction

At the heart of the compliance focus with social media channels is the balance between personal and business orientation for each of the various channels. LinkedIn is clearly a “professional” oriented networking channel, Twitter is a primarily business-focused means of getting fast-breaking messages out in real-time, but Facebook is largely geared towards promoting personal updates and activities – usually with pictures and third-party comments added by others.

This potential co-mingling of personal and business content as a result of using the same social media channel and persona/profile for both raises some interesting issues to consider. It also mirrors a prior technology adoption cycle that we have now solved for – Bring Your Own Device (BYOD) where the same dilemma presented itself almost immediately.

When looking at the BYOD phenomenon and how it played out, the similarities to using personal social media channels and the same persona for business communications are very real. We can even argue that we are now evolving to BYOP or “Bring Your Own Persona” as the next step beyond BYOD.

The reason that BYOD did not go away and ultimately went mainstream is for two key reasons – personal devices offered a lot more capability than the typical corporate issued device of the time, and IT eventually found a way to effectively “manage” their use for business in a responsible way.

Think about it…the Blackberry was the device of choice for financial services firms to issue new employees because they were very reliable and did a great job at providing secure access to email with instant messaging capabilities as well. However, they were not geared towards being an agile format to support new apps for social media channels like the personally purchased iPhone was. In reality, the iPhone is more of an “app launching device” than a phone when you get right down to it and gave people mobile, anytime, anywhere access to their social media accounts – something they simply could no longer live without.

For a long period of time it was customary to carry two phones (one corporate issued and one personally owned) to keep our business lives and personal lives separate. Although we still see this in regulated industries like financial services, management technologies have evolved now that make it safe for the two worlds to co-exist on the same device and personally owned devices used for both purposes is becoming a lot more commonplace.

Just like consolidating personal and business usage down to the one device with the right management solution, there are now reliable and secure ways to manage the risk out of using the one social media channel persona for both purposes as well. Managing the use of a single persona for business and personal communications eliminates the need to create and maintain two.

Enter Comprehensive Archiving

Comprehensive Archiving Platform technologies now feature support for the capture of social media communications through automated application programming interfaces (API) where the content can be policy-checked, flagged for compliance review, indexed and held centrally for immediate access at a later date. Leveraging the use of a Comprehensive Archive Platform allows businesses to create specific policies around the compliant use of social media channels so their employees can utilize their one personal social media persona for both business and personal communications knowing that it is all being supervised by the organization they work for.

When improper, non-compliant use is automatically detected by the archiving system’s policy-checking engine as the communication goes out, the individual messages are flagged for review. The compliance team can then take remedial action with the individual(s) involved to correct the behavior going forward and have a built in audit trail within the system to show the regulator should they be audited or examined. They can easily demonstrate that they are being responsible with their use of social media and taking corrective action to enforce compliance policies when improper use is encountered, which is exactly what regulators want to see.

If You Can’t Beat ‘Em…Join ‘Em!

It’s no longer an option to simply outlaw the use of social media altogether within an organization and hope to stay competitive with ones that allow it. Yes, an interim step is to allow the use of a select few channels, such as LinkedIn and Twitter, but eventually there will be others that will grow in popularity and reach the tipping point as well where their use will become a necessity. We saw this happen with BYOD, where the interim support phase was to allow the use of only a select few types of personal devices, but the pace of innovation and emergence of newer and more capable devices quickly made that an impossible edict to maintain.

Having an effective way to manage all popular social media channels with a single Comprehensive Archive Platform versus separate systems for each should be a key goal for any organization today and delivers tremendous business value beyond simply avoiding compliance violation-related fines. An organization’s policies for the use of social media communications do not have to be purely for compliance purposes. The stored content can also be leveraged for e-discovery purposes and analytics for business insights over the course of time as well.

The compliant use of social media communications and utilizing a single persona for both personal and business purposes is possible today, provided businesses create the right policies for it and have the right technology in place to automate reliable enforcement to manage the risk out of the equation and reap the benefits.

Share.

About Author

Mike Pagani is a seasoned IT professional and recognized subject matter expert in the areas of mobility, identity and access management, network security and virtualization. Prior to joining Smarsh in November 2014, Pagani held executive-level corporate and technology leadership/spokesperson roles for Stay-Linked, Quest Software, NComputing, Dell Software and others.